The Secure Socket Layer (SSL) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet focused world, the SSL protocol is typically used when a web browser needs to securely connect to a web server over the insecure Internet.
Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. In the case of a browser for instance, users are alerted to the presence of SSL when the address bar displays a green padlock. This is the key to the success of SSL: it is an incredibly simple experience for end users.
Unsecured HTTP URLs begin with “http://” and secure HTTPS URLs begin with “https://”. Unsecured HTTP URLs are attacked by criminals allowing them to collect sensitive information including credit card details and account logins which are being transmitted online. Sending or posting data through the browser using secure HTTPS URLs ensures that such information is encrypted and secure from criminals.
Most SSL Certificates contain the domain name, company name, address, city and country. It also contains an expiration date of the certificate and the details of the Certificate Authority (the company who issued the SSL). When a browser attempts to establish an SSL connection to a website it checks to make sure the certificate is not expired, has been issued by a trusted authority, and is being used for the correct website. If any of these checks fails your web browser will display a warning notice informing the user that the site is not secured by SSL.
There are many reasons for SSL to be used:
- To secure online credit card transactions.
- To secure users logins and any sensitive information exchanged online.
- To secure intranet based traffic such as file sharing and database connections.